Single sign-on without a broker application
Abstract
Facilitating single sign-on on a device having sandboxed applications. A method includes identifying a plurality of associated applications. Criteria are evaluated to identify a primary application. Authentication state is stored at the primary application. One or more portions of the authentication state can be used by the applications in the plurality of associated applications for authentication.
20 Claims
1. In a computing environment, a method of facilitating single sign-on on a device having sandboxed applications, the method comprising:
identifying a plurality of associated applications, wherein at least a first application of the associated applications is in a different sandbox security container than at least a second application of the associated applications, and wherein each application of the plurality of associated applications comprises authentication information for obtaining services from one or more service providers;
selecting a primary application from among the plurality of associated applications based on one or more known criteria;
storing an authentication state at the primary application, wherein the authentication state comprises an authoritative set of state data for each of the plurality of associated applications;
receiving an authentication request at a non-primary application within the plurality of associated applications; and
servicing the authentication request via the primary application, wherein authentication information for the non-primary application is derived from the authentication state stored at the primary application.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A sandboxed system comprising:
a memory configured to store a plurality of associated applications, wherein each application of the plurality of associated applications comprises authentication information for obtaining services from one or more service providers;
a security unit configured to maintain security containers to generate a plurality of sandboxes wherein at least some of the applications in the plurality of associated applications are in different sandboxes; and
a processor configured to select a primary application from the plurality of associated applications based on one or more known criteria, wherein the primary application comprises an authentication state at the primary application, the authentication state comprising an authoritative set of state data for each of the plurality of associated applications including the authentication information for each of the plurality of associated applications, and which is used by the primary application to service one or more authentication request directed to one or more non-primary applications in the plurality of associated applications.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18
19. A sandboxed system comprising:
one or more processors; and
one or more computer-readable hardware storage devices comprising computer executable instructions that are executable by the one or more processors for causing the sandbox system to perform the following;
an election algorithm computation, wherein the election algorithm computation comprises;
identifying a plurality of associated applications, wherein at least a first application of the associated applications is in a different sandbox than at least a second application of the associated applications, and wherein each application of the plurality of associated applications comprises authentication information for obtaining services from one or more service providers; and
selecting a primary application from among the plurality of associated applications based on one or more known criteria; and
storing an authentication state at the primary application, wherein the authentication state comprises the authoritative set of state data for each of the plurality of associated applications;
receiving an authentication request at a non-primary application within the plurality of associated applications; and
servicing the authentication request via the primary application, wherein authentication information for the non-primary application is derived from the authentication state stored at the primary application.
Dependent claims: 20
Specification